2024-06-04 15:17:59.618853+0100 ProxyAgent[20233:29237510] [xpc.exceptions] <NSXPCConnection: 0x60000331cb40> connection from pid 20227 on anonymousListener or serviceListener: Exception caught during decoding of received selector newFlowWithIdentifier:to:type:metadata:socket:, dropping incoming message. Exception: Exception while decoding argument 4 (#6 of invocation): <NSInvocation: 0x600001778780> return value: {v} void target: {@} 0x0 selector: {:} null argument 2: {@} 0x6000017787c0 argument 3: {@} 0x60000002d170 argument 4: {q} 1 argument 5: {@} 0x600001746600 argument 6: {@} 0x0 Exception: decodeObjectForKey: Object of class "NSFileHandle" returned nil from -initWithCoder: while being decoded for key <no key> The extension is in Swift; the recipient is in ObjC (wheeeeee). Based on the extension's logging, the FileHandle is not nil. I am trying to pass a FileHandle based on a socketpair up to the user-land code. The sockets are created happily. Any ideas what's going wrong here?

I'm mostly thinking of a Transparent Proxy Provider, as usual, but... how does one test it? I can't see how one would do it with unit tests (although you could break out code and test some of that code). Since it requires MDM or user approval, that makes automated tests a bit difficult. I have this monstrous vision of writing a program that loads the extension and invokes the appropriate methods on it but that just leads to other questions about subclasses. I'm sure other people have thought about this and am curious what the thoughts are. 😄

This doesn't particularly surprise me, but I am curious about it, and whether we can change it: our TPP won't start if the only IP address available is in 169.254.0.0/16. I can see (from our logs) that the preferences are loaded & saved, and the extension is loaded, but until it gets a real address, the startProxy method is not invoked.

First, for the  employees reading, I filed FB14844573 over the weekend, because this is a reproducible panic or hang. whee I ran our stress tests for an entire long weekend, and my machine panicked, due to mbufs. Normally, I tell my coworkers that we can't really do anything to cause a panic -- but we're doing network things, so this is an exception. I started periodically testing the mbufs while the tests were running -- netstat -m | grep 'mbufs in use' -- and noticed that in fact they were going up, and never decreasing. Even if I killed our code and uninstalled the extensions. (They're increasing at about ~4mbufs/sec.) Today I confirmed that this only happens if we include UDP packets: let udpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .UDP) let tcpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .TCP) ... settings.includedNetworkRules = [udpRule, tcpRule] If I comment out that udpRule, part, mbufs don't leak. Our handleNewUDPFlow(:, initialRemoteEndpoint:) method checks to see if the application is a friendly one, and if so it returns false. If it isn't friendly, we want to block QUIC packets: if let host = endpoint as? NWHostEndpoint { if host.port == "80" || host.port == "443" { // We need to open it and then close it flow.open(withLocalEndpoint: nil) { error in Self.workQueue.asyncAfter(deadline: .now() + 0.01) { let err = error ?? POSIXError(POSIXErrorCode.ECONNABORTED) flow.closeReadWithError(err) flow.closeWriteWithError(err) } } return true } } return false Has anyone else run into this? I can't see that it's my problem at that point, since the only thing we do with UDP flows is to either say "we don't want it, you handle it" or "ok sure, we'll take it but then let's close it immediately".

This is definitely a weird one -- the laptop is running macOS 12, but it's trying to build using macOS 13 SDK? (The machine cannot run anything later than macOS 12, btw.) In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.1.sdk/System/Library/Frameworks/CoreFoundation.framework/Headers/CFStream.h:20: /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.1.sdk/usr/include/dispatch/dispatch.h:69:10: fatal error: 'dispatch/block.h' file not found #include <dispatch/block.h> ^~~~~~~~~~~~~~~~~~ 1 error generated. I'm trying xcode-select --install but has anyone run into this before?

I'm playing around with using an app to automate some of my personal work flows, and one of the things I wanted to do was to be able to drag a .webloc file onto my app icon in the dock, to launch it. I've got public.data set up as a document type for it in Xcode, which translated to &lt;key&gt;CFBundleDocumentTypes&lt;/key&gt; &lt;array&gt; &lt;dict&gt; &lt;key&gt;CFBundleTypeRole&lt;/key&gt; &lt;string&gt;Viewer&lt;/string&gt; &lt;key&gt;LSHandlerRank&lt;/key&gt; &lt;string&gt;Default&lt;/string&gt; &lt;key&gt;LSItemContentTypes&lt;/key&gt; &lt;array&gt; &lt;string&gt;public.data&lt;/string&gt; &lt;/array&gt; &lt;/dict&gt; &lt;/array&gt; in the Info.plist for it, which seems correct. When I drag a .webloc file onto the Dock icon, it appears to be willing to accept it, but nothing seems to happen. In the app, I've got an AppDelegate.swift file which has extension Notification.Name { static let receivedURLsNotification = Notification.Name("ReceivedURLsNotification") } class AppDelegate: NSObject, NSApplicationDelegate { func application(_ application: NSApplication, open urls: [URL]) { guard !urls.isEmpty else { return } NotificationCenter.default.post(name: .receivedURLsNotification, object: nil, userInfo: ["URLs": urls]) } } (I copied it almost verbatim from a Medium post.) In the app swift file, I have @main struct LoggerApp: App, DropDelegate { @NSApplicationDelegateAdaptor(AppDelegate.self) var appDelegate I set a breakpoint on application(_:NSApplication, open:[URL]), and did my drag, and the breakpoint never triggered. I added the application(didFinishLaunching(_:Notification) method, and that does get invoked when the app launches, so the app delegate does seem to be working. That seems to indicate the problem is somewhere else?

I have this code: var eventIn = kevent(ident: UInt(self.socket), filter: Int16(EVFILT_WRITE), flags: UInt16((EV_ADD | EV_ENABLE)), fflags: 0, data: 0, udata: nil ) I looked at it and thought why do I have those extra parentheses? So I changed it to var eventIn = kevent(ident: UInt(self.socket), filter: Int16(EVFILT_WRITE), flags: UInt16(EV_ADD | EV_ENABLE), // changed line! fflags: 0, data: 0, udata: nil ) and then kevent gave me EBADF. Does this make sense to anyone?

My load average on a largely idle system is around 22, going up to 70 or so periodically; SSMenuAgent seems to be consuming lots of CPU (and, looking at spindump, it certainly seems busy), but... it's not happening on any other system whose screens I am observing. (Er, I know about load average limitations, the process is also consuming 70-98% CPU according to both top and Activity Monitor.) Since this machine (although idle) has our network extension, I'm trying to figure out if this is due to that, or of this is generally expected. Anyone?

* [Error] Failed to stop recording session: Failed stoping ktrace session. (xcode-select version 2409) So why can't it stop the ktrace session? And how long has that typo been around? 😄 (Look, I've kept typos in log messages for years because it differentiated that message from other messages.)

% mkdir /tmp/test % cd /tmp/test % touch {a,b,c}{1,2,3,4,5,6}.txt % lf a1.txt a3.txt a5.txt b1.txt b3.txt b5.txt c1.txt c3.txt c5.txt a2.txt a4.txt a6.txt b2.txt b4.txt b6.txt c2.txt c4.txt c6.txt % echo [b-z]*.txt a1.txt a2.txt a3.txt a4.txt a5.txt a6.txt b1.txt b2.txt b3.txt b4.txt b5.txt b6.txt c1.txt c2.txt c3.txt c4.txt c5.txt c6.txt I filed FB16715590 about this. I have a vague memory this might be related to some code to pretend to be case insensitive, but I can't find it now.

It looks like, for some reason, our apps are using a bunch of power sometimes. sysdiagnose has this in the power log: Never mind. Including the output of sysdiagnose has "sensitive language," and it won't tell me what is sensitive, making this a waste of my time. ETA: Ok, I I can attach the file: power.log I've gone through the energy documentation, but it seems geared towards embedded, not macOS, so I'm not sure how I can figure this out more. The extra problem, of course, is that we have a network extension, two daemons, and a GUI app. 😄

The stuff I've found by searching has confused me, so hopefully someone can help simplify it for me? I have an app (I use it for logging which books I've given away), and I could either add a bunch of things to the app, or I could have another app (possibly a CLI tool) to generate some reports I'd like.

Clearly not percentage, but the units don't seem to be specified... The real problem we have right now is that, with macOS 15.5, our suite gets a huge amount of "energy impact" points, even though diving into it, it doesn't seem to do that. The most telling example I have of that is: I ran each of our daemons from Terminal, unplugged my laptop, closed the lid, and let it stay there for 8 or 9 hours. When I woke it back up, Activity Monitor claimed it had 2,000 units or so, but after opening all of the disclosure triangles, none of the processes (including the hand-started daemons) used anything close to that. Also, the battery had almost no drain on it. We're getting complaints about this, so I'm trying to figure out what, exactly is going on, but I never looked at the power stuff internally so I don't know how to read the diagnostic files.

I filed FB19631435 about this just now. Basically: starting with 15.6, we've had reports (internally and outternally) that after some period of time, networking fails so badly that it can't even acquire a DHCP lease, and the system needs to be rebooted to fix this. The systems in question all have at least 2 VPN applications installed; ours is a transparent proxy provider, and the affected system also had Crowdstrike's Falcon installed. A customer system reported seemingly identical failures on their systems; they don't have Crowdstrike, but they do have Cyberhaven's. Has anyone else seen somethng like this? Since it seems to involve three different networking extensions, I'm assuming it's due to an interaction between them, not a bug in any individual one. But what do I know? 😄